Ubuntu 754-1: ClamAV vulnerabilities

    Date: 07 Apr 2009
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop.
    ===========================================================
    Ubuntu Security Notice USN-754-1             April 07, 2009
    clamav vulnerabilities
    https://launchpad.net/bugs/354190
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.10:
      libclamav5                      0.94.dfsg.2-1ubuntu0.2
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that ClamAV did not properly verify its input when
    processing TAR archives. A remote attacker could send a specially crafted
    TAR file and cause a denial of service via infinite loop.
    
    It was discovered that ClamAV did not properly validate Portable Executable
    (PE) files. A remote attacker could send a crafted PE file and cause a
    denial of service (divide by zero).
    
    
    Updated packages for Ubuntu 8.10:
    